Bug 1041859

Summary: [RFE][keystone]: Update own password
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: openstack-keystoneAssignee: RHOS Maint <rhos-maint>
Status: CLOSED ERRATA QA Contact: Udi Kalifon <ukalifon>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aberezin, ayoung, breeler, markmc, nkinder, yeylon
Target Milestone: Upstream M1Keywords: FutureFeature, Triaged
Target Release: 5.0 (RHEL 7)   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/keystone/+spec/v3-user-update-own-password
Whiteboard: upstream_milestone_icehouse-1 upstream_status_implemented upstream_definition_new
Fixed In Version: Doc Type: Enhancement
Doc Text:
Previously, users could not update their own passwords using the V3 API, only administrators could update users' passwords using the V3 API. Now that the V3 API is the default, (no longer the V2 API), users can update their own passwords too.
 Story Points: ---
Clone Of:
: 1082407 (view as bug list) Environment:
Last Closed: 2014-07-08 15:23:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1082407    

Description RHOS Integration 2013-12-12 19:44:59 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/v3-user-update-own-password.

Description:

Identity API v2.0 contains an explicit API resource that allows users to update their own password by simultaneously providing their current password as a confirmation.

The existing v3 user update method (PATCH /v3/users/{user_id}) is aimed at administrators and allows any attribute of a user to be immediately overridden. If a regular user is allowed access to this API and their token is compromised, the user account can be permanently compromised by simply overriding the existing password. To prevent this, v3 needs a new API targeted at end users which requires the existing password be provided along with the new password.

Specification URL (additional information):

https://review.openstack.org/52448
Comment 2 Stephen Gordon 2014-01-23 20:48:09 UTC 
Moving to POST based on upstream status (Implemented).
Comment 3 Udi Kalifon 2014-04-27 12:12:09 UTC 
Verified in: openstack-keystone-2014.1-2.el7.noarch
Comment 6 errata-xmlrpc 2014-07-08 15:23:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-0854.html